There is known a security device called intrusion detection system (IDS) for monitoring cyber attacks. This intrusion detection system monitors communication with regard to a system and a network to be monitored and records communication logs.
In addition, such communication logs are analyzed, for example, to decide whether or not a communication source is an illegal access source based on, for example, the number of times for which the communication source attempts login authentication per unit time. Furthermore, if it is decided that the communication source is an illegal access source, such countermeasures as blocking the communication from the communication source for a certain period of time or the like is implemented.
There is known a technique in which a packet pattern that is a sign of an attack and received before a network attack is registered and in the case where the pattern is detected, a level to cope with the network attack associated with the pattern is raised.
In addition, a technique is known in which a TCP connection is detected and response time to the TCP connection is selectively delayed in order to slow down the process of the attack. The TCP connection is used by a packet that sends a request for communication start to a plurality of computers or a plurality of applications in the computers in order to find a computer in which the security level is low or to detect a flaw in the security of a computer. Japanese Laid-open Patent Publication No. 2010-250607 and Japanese Laid-open Patent Publication No. 2008-187701 are examples of the related art.